As far as I can find on Google is that there's only 1 IIS patch(Web DAV security patch) (targeted directly at IIS itself) released in 2004, if you have updated using Windows Update since 2004, you should have that patch.

Most other components are usually stand alone and are either a part of .net or other CGI/FCGI/ISAPI component which are not counted directly as IIS.